Posts by Povl H. Pedersen

Why was all recipients visible in the first place ?

This would be illegal in civilized countries, and against OpSec in most countries.

BCC exists for a reason, but I know that Microsoft is hiding it. But people sending out mass mails should be taught. Or as they do in the military, promoted to the level where he makes least possible damage.

Cloud must be used right

Cloud must be used right.

Any VM / lift&shit you buy will be way more expensive in the cloud. We used to say 8 hours/day was the break-even point and if your on-prem hardware lasts over 3 years, it was even less you could afford to run cloud.

But, some cloud services makes sense. Running scalable cloud apps, databases etc. And you should be aware what yopu get included. You don't need anybody maintaining the stuff below.

But infrastructure as a service is bad,.

Wrong architecture.

If you have as many locations as hotels, with frequent employee replacement, there is only one great solution.

That is the classic architecture. Some call it Mainframe, other calls it Citrix/Terminal server (with no Internet access from the remote desktop), yet other calls it WebApps.

There is NO reason why huge amounts of data should exist in a hotel branch, no way it should be exportable to a USB drive in a hotel near Kremlin. They are handling GDPR personal data, even sensitive data in some cases.

The only people who should have access to bulk data are IT staff at a central location, whose access is limited with MFA - preferable good MFA (Yubikey or equivalent).

Thus wrong design causes huge data loss thru a low level employee. Nothing new here. But I think EU should fine them 4% of their global turnover since it keeps happening, they clearly are not sufficient technical or organizational means in place, despite 2 earlier warnings.

Old stuff

Macintosh OS 1.0 to 7.x was written in Pascal, and all interfaces were Pascal, no matter what programming language you used.

OS X was a brand new OS.

Early 1980-ties I wanted the white Forth computer, looked like a ZX-81½ but with rubber keys, like they later came to the ZX Spectrum.

I doubt the ZX-81 with its 1kb of RAM had a C-based OS.

I have been programming in assembler, BCPL, C, C++, Pascal, Modula-2 and many more. I think I was introduced to Oberon at university. But programming languages comes and goes. C has stuck around forever.

You are clueless

Oat (roasted oat) with a bit of sugar and cold milk is pretty popular in places. I have eaten it on an almost daily basis for 50+ years.

Using heat to break down the good stuff is no good. Let the stomach have something harder to digest to work with. It is actually pretty healthy

Cyberattack = real attack

NATO considers a cyuberattack on citricial infrastructure as a real attack, that invokes the paragraph 5 of NATO.

So that would be a war declaration against NATO.

But I think that Russia does not really have the capabilities they thought. Not hackers, and certainly not a good army.

Truly amazing patent

Can't people see it ? This is a completely new invention.

All former works has had a frame or something making the computer define the desktop space needed.

This is completely different, here it is the desktop space of the keyboard that limits the computer size.

I still have my ZX81, it had like 40% of the desktop area behind/above the keyboard. That could be saved with the new Apple patent.

This is new true magic :-)

You get what you pay for

See subject

IBM - Inexperienced with Bad Management

IBM - Inexperienced with Bad Management - That is what they want to be.

It is not old age that is a problem, it is management.

If you keep the old guy doing the same thing day after day, that is what he gets good at doing.

If the old guy has been problem solving each and every day, he is way better at that than people who have only 10 years experience.

IMHO experience is not to be underrated in IT. Or the bad influence of bad managers. There are few leaders out there, add many bosses and managers.And the bosses are not needed anywhere with educated staff. They can shout at recruits.

Indians too expensive ?

I expect the Indians has become too expensive for Indian banks.

When they are in competition with the rest of the world, they have to pay same prices as american companies.

So of course they will outsource and enjoy all the struggle with communications, outsourcing emplyees costing half but spending 10 times as many hours etc.

All managers knows it is better to pay 10 hours @ $20/hour for low quality than 2 hours at $50/hour for good quality. That is why they outsource in the first place. But they think that since IT is moving so slow, they save paying for all the idle time.

Wireguard

I think one important reason for Wireguard existing in the first place is that the Raspberry Pi series are one of the few ARM boards that does NOT do hardware crypto. So wireguard was written to get decent VPN performance on the RPi.

I use TV boxes instead, cheaper, faster, and with built-in MMC memory. And they can do hardware crypto, so no reason for me to sacrifice 1 CPU core for VPN when I can run it in hardware crypto.

WG was not written to negotiate encryption algo,

WG has its place. I use it in containers. But it is wasted if you have hardware crypto.

Cloud or not

Cloud has many advantages.

The biggest advantage is that it is not a headcount item, so you can not downsize management of the servers. Servers do get patched. No FUD can delay that. Bad code will break, but you have to adapt. Inside company walls - own servers - you would be forced to roll back.

But it is expensive, comes with very little support. But usually runs better than self-maintained.

I like cloud for many reasons, but there are also risks associated with it. You have to compare internal operations risks vs cloud operations + cloud risks.

Many companies outsources or goes cloud because they can not get qualified staff to run things on-site. Devops (the new word for the classic sysadm) people are a rarity.

Passwords ?

No good app will have passwords.

It will at best have API keys that are hardwired, and likely changed for each release so they can be used to track releases in use.

The good things with API keys is, that they are applied before user validation, and before users gets their access token, giving them access to only their own data.

And you can block API keys, so basicly killing 1 version of the software only. Or throttle them. Or other interesting things.

Anything looking like a university should be aware, and do things the right way.

EU law

EU law prevents them from setting the cookies in the first place without consent. So say no to tracking cookies instead. Or sue them if that does not work.

Better attack than defend

Everybody follows the minority player

Again, everybody follows the small marketshare player Apple.

They sell less than 15% of all smart-phones, yet considered a monopoly. I guess they redefined what monopoly means :-)

Now, when will we get warnings in Windows about clipboard snooping ? Something Apple will warn about in next gen OS-X and iOS.

ADRM

Oh, I thought AD RM was ReMove Active Directory ?

Maybe Microsoft did too, and wanted to remove the threat.

Swedish situation

The US is trying to end up in a swedish situation.

To not make difference between people is pure socialism.

BlackLivesMatter are racists because they use skin color to promote their case. They should change their slogan to "All LivesMatter", and put action behind it, instead of meeting at virus spread meetings

There is a reason why we are many that tries to un-cloudify our products.

My Xiaomi is cloudsless thanks to valetudo.

All zigbee devices are controlled through zigbee2mqtt

All WiFi Switches runs Tasmota if they do not natives support MQTT.

My Visonic alarm system is networkable thanks to a $4 serial to Ethernet module and not the $250 cloud bridge.

And everything is controlled by Home Assistant

RTC

In case of comms lost, it likely has an emergency procedure. A few years ago, drones always entered into RTC mode (Return to China).

So look east, likely somewhere into Russia.

Still do not understand why loss of radio would cause loss of drone. As I would see it, it would either return to launch point, a preprogrammed coordinate set (maybe (0,0) if not set, or continue its operation for 90 hours, but then they would know where it is. Assume it lost GPS, then it should have another fallback option. Say land, continue straight ahead as best as it can using gyros, or maybe pup-up to a safe altitude before doing so.

They need eyes in the skies and ground search radar.

Astronomy next

We all know, that once you get in the vicinity of a BLACK hole, youdo not escape before you are WHITE (Supernova)

Not new

See the danish reporter here, Jesper Steinmetz. Full suit on top, reporting from the lawn in front of the white house.

As for trousers and footwear see the image in top of article.

https://www.independent.co.uk/news/weird-news/danish-tv-reporter-is-all-business-up-top-all-party-down-below-9633505.html

To get customers

This is to get customers for AzureAD.

The great secret here is, that App password completely bypasses any OAuth2 requirement, MFA etc.

Whatever filtering you create, app password just bypasses it - At least until team Evil gets users to create one for them :-)

Even better than getting user consent in 3 clicks.

Enterprise users on O365 will know, that Microsoft is about 1000% slower than anything they have used before :-)

But I guess we only get the leftover cycles from customers paying for those.

Macintosh

In the 80ties, I worked as a student at the campus Apple center, and later at the big Apple center in town.

We has harddisk issues as well. The Sony 20MB used in Macintosh SE/30 had lubrication that got thicker over time. So at some point, you could not let the computer stay without power over the weekend, or it would not boot monday morning.

First trouble shooting was to try to turn the whole computer 180 degrees back and forth more or less around the center of the harddrive. If that did not work, open the computer, out with the disk, and then in one hand twist it back and forth almost like making a milkshake. Then try to boot again.

It is unbelievable how many customers continue with the defective disk instead o just buying a new one. But SCSI disks where expensive at that time. And if not powered off, they could run for decades.

Rockstars

There are the ego type Rockstars, that gets their own isolated parts of the system, as nobody wantys to work with them. They are not really rockstars.

To me the Rockstar has a fanbase among the other developers, he is the one people comes to and asks for advice, and uses for sparring about new ideas. He is the one that will actually help the team as a whole, and communications is part of this. In a pure nerd group, comms is different than in a mixed skills group.

Current workplace has servicedesk people on duty 24/7.

People with knowledge are not on call. BUT, if things goes wrong, they will start calling managers, who then have to try to contact their employees. For now, there has always been someone who could help. And we are good at finding hacks to get things running until the right persons are available.

I have been guiding people over the phone from holidays in Italy. But I never bring a PC on holidays, so people can not expect more than that. And if it is work, I will usually answer only when it is convenient. So I mostly get SMS messages telling me to read mail.

BTW: After the on-call fees where suspended, all systems started to run much better during night. Now the people responsible did not want to get disturbed anymore.

Apple lost in Denmark

Apple lost court case in Denmark some years back. They can not repair with used parts, and can not use refurbished phones for warranty replacement.

They will have to repair with new parts, or give you a replacement with only new parts aka new device.

Not all companies are happy about this. But when my Polar watch had issues, I got factory new electronics, in my scratched case. My running watch before that was a Garmin, where 3 refurbished replacements all had issues.

But in Denmark Apply supplies factory new replacement units.

Java popular ?

How can you call Java popular ? Have you talked to a Java programmer recently ?

You might say it is one of the 3 most widespread languages (like diseases can be spread). But popular is a complete misconception.

For all that does not know, 9 out of 10 cases, AI stands for A-lot-of-Indians. They are cheaper to train, uses way less power, and generates results of the same quality as household AI available for decent money. It is real intelligence to substitute Indians for CPU.

Uganda

Uganda has authorities that spies on people. I worked there for some months 20 years ago, when a shared 64kbit wireless high latency connection was great.

After I got home, I was actually approached by somebody who wanted to recruit me to do hacking and spying on behalf of the politicians / secret police units.

I contacted my home intelligence service, and was told that I could take the contract if I wanted, as this was not targeting NATO or our citizens. I decided against it. So yeah, most governements outside western europe spies on its citizens.

Predictable ?

How can they even come up with an idea that evasive maneuvers should be predictable ?

Anything predictable is the the easiest to attack and kill. It should be completely unpredictable and crazy. It should be a surprise to any opponent or foreign AI (which usuaully means Alotof Indians).

The algoritms should be the most secret in the world, so will usually be outsourced to a contractor with development offices in Ukraine, Russia, India or China.

Apple was first

Apple was first with the foldable telephone that broke the screen.

Look back at iPhone 6 and #bendgate.

Samesong is just soo late at copying Apple failures.

How about blockchain

If somebody posts personal data about John Johnson on the blockchain, say for Bitcoin, how can John Johnson get it deleted ? This is also not possible.

I heard rumors that somebody who dislikes Bitcoin at some point upload a child pornographic image to the blockchain, basicly making the blockchain illegal material in most countries. Could have been government actor.

Turkey

I still do not understand why all engines will have to be serviced in the country that is now Russias best friend. That alone is a risk. But maybe they can deliver the worst job at the lowest price ?

Don't have crityical stuff done south of the alps, it is just as bad as Americans having things done south of the border.

Must have been decided by Mr. Donald himself.

GDPR

GDPR gives you 4 days to contact authorities after you have VERIFIED that a breach has taken place. There is no penalty for being slow to detect, or reading about your breach in media.

GDPR is mostly an excercise in getting documentation and processes in place, and very little about necesary technical controls.

1.1.1.1 conflict

I have actually seen many capture-portals on WiFi redirecting users to 1.1.1.1.

Not sure if this will be a problem, or if the 1.1.1.1 routing will work correctrly after accepting the WiFi terms&Conditions

Big problem

NOT. To get access to the keychain you need:

icloud username and pasword

and a verified device with 2FA.

Then you can get access to the keychain.

The only thing you bypass is really the local device password of the device having keychain access. Is this a problem ? Not really, but it means I will take my non-pasword protected iPad that the children uses, and move it to a family account.